strongSwan User Documentation » History » Version 173

Noel Kuntze, 25.04.2020 22:57
"h2. If you need help or have questions, look at these articles first", h3. in the middle is deliberate to make the text bigger.

h1. strongSwan User Documentation

{{>toc}}

h2. If you need help or have questions, look at these articles first

h3. 
* A list of [[FAQ|Frequently Asked Questions]] is maintained [[FAQ|here]].
* [[HelpRequests|Before you ask for help, read this article]]
* [[CommercialSupport|Commercial Support offerings]]

h2. Important articles

* [[IntroductionTostrongSwan|Introduction to strongSwan]]
** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]]
* [[CorrectTrafficDump|Taking traffic dumps correctly]]
* [[SecurityRecommendations|Security Recommendations]]
* [[SimpleCA|Setting up a simple CA using the strongSwan PKI tool]]
* [[Cloudplatforms|strongSwan on cloud platforms]]
* [[ThirdPartyTools|Third Party provided tools for strongSwan]]

h2. Features

* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
* [[PluginList|Plugin list]] gives an overview of all optionally loadable strongSwan plugins

{{include_h(ConfigurationFiles)}}

h2. Benchmarks

* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[RaspberryPi2Benchmark|Raspberry Pi 2 ESP Benchmark]]

{{include_h(ConfigurationExamples)}}

h2. HOWTOs

* [[ExpiryRekey|Configuring rekeying and reauthentication]]
* [[Pcrypt|Parallel IPsec processing using pcrypt]]
* [[RouteBasedVPN|Information about route based VPNs (Virtual Tunnel Interfaces (VTIs))]]
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]
* [[EapTls|EAP-TLS certificate authentication]]
* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]
* [[SimpleCA|Setting up a simple CA using the strongSwan PKI tool]]
* [[CAmanagementGUIs|CA management made easy using GUIs]]
* [[Bliss|Post-Quantum Bimodal Lattice Signature Scheme (BLISS) HOWTO]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[JobPriority|Job priority management HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[SmartCards|Smartcard HOWTO]]
* [[TpmPlugin|Using TPM 2.0 keys with the strongSwan PKI tool and IKE daemon]]
* [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]]
* [[BYOD|Android BYOD Security based on TNC]]
* [[IfMap|TNC IF-MAP HOWTO]]
* [[StrongTnc|strongTNC Policy Manager HOWTO]]
* [[IMA|Linux Integrity Measurement Architecture (IMA)]]
* [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]]
* [[Netns|Running strongSwan in Network Namespaces on Linux]]

h2. Portability

* [[Android|strongSwan on Android]]
* [[FreeBSD|strongSwan on FreeBSD]]
* [[MacOSX|strongSwan on Mac OS X]]
* [[Windows|strongSwan on Windows]]
* [[OpenWrt|strongSwan on OpenWrt]]
* [[Maemo|strongSwan on Maemo (Nokia N900)]]

h2. Interoperability

* [[Windows7|Windows 7 and newer]] with IKEv2
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
* [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1/IKEv2
* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1
* [[BlackBerry|Blackberry OS 10]] with IKEv2
* [[CiscoInteroperability|CISCO brand devices]]
* [[Fortinet|Fortinet brand devices]]
* [[Checkpoint|Check Point brand devices]]

h2. Management Commands

* The powerful [[swanctl]] command starts, stops and monitors IPsec connections.
* The legacy [[IpsecCommand|ipsec]] command is deprecated but currently still supported.

h2. Auxiliary Tools

* [[charon-cmd]] a simple command line IKE client
* [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates

* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP addresses stored in volatile memory
* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKE charon daemon
* ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations

* [[PtTlsClient|pt-tls-client]] uses PT-TLS to collect integrity measurement information
* [[SwCollector|sw-collector]] extracts software installation events from the dpkg history log
* [[SecUpdater|sec-updater]] extracts security update information of Linux distributions